CVE-2025-67364

7.5 HIGH

📋 TL;DR

CVE-2025-67364 is a critical path traversal vulnerability in fast-filesystem-mcp version 3.4.0 that allows attackers to bypass directory access restrictions using symbolic links. This enables unauthorized access to sensitive files outside permitted directories. Users of fast-filesystem-mcp 3.4.0 with file operations enabled are affected.

💻 Affected Systems

Products:
  • fast-filesystem-mcp
Versions: 3.4.0
Operating Systems: All platforms supporting symbolic links (Linux, macOS, Unix-like systems)
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where symbolic links can be created by attackers within directories accessible to the application.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through access to sensitive system files like /etc/passwd, /etc/shadow, SSH keys, or configuration files containing credentials.

🟠 Likely Case

Unauthorized file read access leading to information disclosure of sensitive data, configuration files, or source code.

🟢 If Mitigated

Limited impact if proper file system permissions and access controls are implemented at OS level.

🌐 Internet-Facing: MEDIUM - Exploitation requires file operation capabilities exposed to untrusted users, which may occur in web applications using this library.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can leverage this to escalate privileges and access restricted files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires ability to create symbolic links in directories the application can access, typically requiring some level of access or file upload capability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.1 or later

Vendor Advisory: https://github.com/efforthye/fast-filesystem-mcp/issues/10

Restart Required: No

Instructions:

1. Update fast-filesystem-mcp to version 3.4.1 or later using npm: npm update fast-filesystem-mcp
2. Verify the update with: npm list fast-filesystem-mcp
3. Test file operations to ensure functionality is maintained.

🔧 Temporary Workarounds

Disable symbolic link resolution (all platforms)

Configure the application to disable or restrict symbolic link processing in file operations

Set environment variable: export FAST_FS_DISABLE_SYMLINKS=true
Or modify config: { "allowSymlinks": false }

Restrict file system permissions (Linux)

Run application with minimal file system permissions and use chroot/jail

Run as non-root user: sudo -u appuser node app.js
Use chroot: chroot /safe/path node app.js

🧯 If You Can't Patch

  • Implement strict file system access controls and run application with least privilege
  • Monitor for suspicious file access patterns and audit symbolic link creation

🔍 How to Verify

Check if Vulnerable:

Check package.json for fast-filesystem-mcp version 3.4.0: grep -A2 -B2 'fast-filesystem-mcp' package.json

Check Version:

npm list fast-filesystem-mcp

Verify Fix Applied:

Verify version is 3.4.1 or later: npm list fast-filesystem-mcp | grep fast-filesystem-mcp

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns outside expected directories
  • Multiple failed path validation attempts
  • Access to system files from application context

Network Indicators:

  • N/A - This is a local file system vulnerability

SIEM Query:

source="application.log" AND ("path traversal" OR "symlink" OR "../" OR access_denied) AND process="node"
